Detect a Non Responding Process - c#

I'm trying to detect if a process I'm launching via my C# program still answers or not.
I've tried the following:
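Process *notepads[];
// GetProcessesByName expects the friendly name, without the ".exe" extension.
notepads = Process::GetProcessesByName("Notepad");
// Test to see if the process is responding (Responding is a property, not a method).
if (notepads[0]->Responding)
    notepads[0]->CloseMainWindow();
else
    notepads[0]->Kill();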
However, I would like to find a Qt equivalent for ANY process (not only MMI processes).
Do you know how I could do that?

Getting the process list is OS-dependent, so you have to do it yourself on each platform.
On Windows, you can use the Windows API EnumProcesses.
On Linux, you can search the /proc folder.

See QProcess documentation for details.
Qt does not provide any method to obtain information on, or control over, processes that you don't explicitly start from a QProcess instance.

Related

Is it possible to code an "access clipboard" monitoring program?

Is there any possibility on Windows to create a program (C# or even C++, or any other language) which is able to trace which processes are using the clipboard?
I have malware that modifies my clipboard when I paste Ethereum addresses. No tools are able to detect this malware... since I'm a programmer I would like to code a tool to help me find the malicious process.
Any idea if it's possible?
Thanks a lot
There is no Win32 API for monitoring access to the clipboard, only for detecting when changes are made to the clipboard's content.
To do what you are asking for, you will have to write a DLL that directly hooks the Win32 OpenClipboard() function, such as with a detour, and then you can inject that DLL into all running processes, such as with SetWindowsHookEx(), AppInit_DLLs, etc. When your hook is called, it can communicate information about the calling process back to your main app as needed, such as the process ID.
You can find an existing and reputable tool that can do that for you:
Sysmon v12.0 by SysInternals.
Although it doesn't mention it on the doc page, this states
Sysmon 12 adds clipboard capturing
I sifted through some help and references and confirmed that the following config works:
<Sysmon schemaversion="4.40">
  <CaptureClipboard />
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ClipboardChange onmatch="exclude">
      </ClipboardChange>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
You can view those captured events in the Windows Event Viewer, in
Applications and Services Logs/Microsoft/Windows/Sysmon/Operational.
In response to my copying text from the command prompt, I can see this logged event:
Clipboard changed:
RuleName: -
UtcTime: 2020-10-12 22:08:45.505
ProcessGuid: {0509ed25-cd58-5f84-41a3-050000003500}
ProcessId: 20708
Image: C:\Windows\System32\cmd.exe
Session: 3
etc...
Another option, for DIY programmers :)
From your code, copy something to the Clipboard with delay rendering:
::SetClipboardData(CF_TEXT, NULL);
When someone (that malware?) would attempt to get that text, you will receive a WM_RENDERFORMAT message. If you place a breakpoint there and stop your execution, the calling program will be blocked on its GetClipboardData call or something like that.
I didn't figure out where to go from here. Enumerate all processes? Attach to each one with Debugger? Look at their call stack?
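The change-notification route mentioned in the first answer, as an added example that is not part of the original posts: a hidden message-only window subscribes to clipboard updates and logs which process owns the clipboard after each change. The class name ClipboardWatcher is hypothetical, and the program assumes a reference to System.Windows.Forms.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;

// Added example: logs the owner process of the clipboard after every change.
sealed class ClipboardWatcher : NativeWindow, IDisposable
{
    const int WM_CLIPBOARDUPDATE = 0x031D;
    static readonly IntPtr HWND_MESSAGE = new IntPtr(-3);

    [DllImport("user32.dll", SetLastError = true)] static extern bool AddClipboardFormatListener(IntPtr hwnd);
    [DllImport("user32.dll", SetLastError = true)] static extern bool RemoveClipboardFormatListener(IntPtr hwnd);
    [DllImport("user32.dll")] static extern IntPtr GetClipboardOwner();
    [DllImport("user32.dll")] static extern uint GetWindowThreadProcessId(IntPtr hwnd, out uint pid);

    public ClipboardWatcher()
    {
        // Message-only window: it receives messages but is never shown.
        CreateHandle(new CreateParams { Parent = HWND_MESSAGE });
        if (!AddClipboardFormatListener(Handle)) throw new Win32Exception();
    }

    protected override void WndProc(ref Message m)
    {
        if (m.Msg == WM_CLIPBOARDUPDATE)
        {
            // The owner is NULL when the writer opened the clipboard without a window handle.
            IntPtr owner = GetClipboardOwner();
            uint pid = 0;
            if (owner != IntPtr.Zero) GetWindowThreadProcessId(owner, out pid);
            string name = pid == 0 ? "no owner window" : "exited";
            try { if (pid != 0) name = Process.GetProcessById((int)pid).ProcessName; }
            catch (ArgumentException) { /* process ended before we could look it up */ }
            Console.WriteLine("{0:o} clipboard owner pid={1} ({2})", DateTime.UtcNow, pid, name);
        }
        base.WndProc(ref m);
    }

    public void Dispose() { RemoveClipboardFormatListener(Handle); DestroyHandle(); }

    [STAThread]
    static void Main()
    {
        // Pump messages until the process is closed.
        using (new ClipboardWatcher()) Application.Run();
    }
}
```

An entry logged with "no owner window" right after you copy an address is the case to correlate with the Sysmon ClipboardChange events, which record the Image of the writing process.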

C# how to organize error message returning between two app

I have a console application which is executed in another app. The problem is that the second app cannot catch the exceptions that the first one throws (run with Process). So I have to write some class that contains my return code and appropriate message, so that the app which runs my executable can use it and show an error message depending on the return code. But I don't know how this kind of thing should be done.
This is an old post I stumbled on but why not answer?
I think what you are looking for is the error stream. In Windows and most other systems the OS references it as stderr. I'll post some links for reading, but in essence, separate execution environments or applications only return codes that tell the OS whether or not an application exited (finished) successfully (0) or encountered an error (-1). In Windows there are two separate streams: stdout, which we write execution messages to, and stderr, which we write errors to. Those streams can then be read by your other application. Look at these for more info:
How to capture a Processes STDOUT and STDERR line by line as they occur, during process operation. (C#)
https://msdn.microsoft.com/en-us/library/system.diagnostics.process.standarderror(v=vs.110).aspx
https://msdn.microsoft.com/en-us/library/system.diagnostics.process.standardoutput(v=vs.110).aspx
Depending on your needs there are some other more complex solutions such as the "Interoperability Library" or writing to file.
Interop info:
https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/interop/
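The exit-code-plus-stderr approach described in the answer above, as an added example that is not part of the original post: the parent redirects the child's streams, reads them asynchronously so a full pipe cannot block the child, and enforces a timeout. The names ChildRunner and Run, the constructed cmd.exe command line, and the -1 returned on timeout are assumptions made for the demonstration.

```csharp
using System;
using System.Diagnostics;
using System.Text;

static class ChildRunner
{
    // Runs a child process; returns its exit code and everything it wrote to stderr.
    public static int Run(string file, string args, out string errors, int timeoutMs = 10000)
    {
        var psi = new ProcessStartInfo(file, args)
        {
            UseShellExecute = false,        // required for stream redirection
            RedirectStandardError = true,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };
        var err = new StringBuilder();
        using (var p = new Process { StartInfo = psi })
        {
            p.ErrorDataReceived += (s, e) => { if (e.Data != null) err.AppendLine(e.Data); };
            p.OutputDataReceived += (s, e) => { };   // drain stdout so the pipe never fills
            p.Start();
            p.BeginErrorReadLine();
            p.BeginOutputReadLine();
            if (!p.WaitForExit(timeoutMs))
            {
                p.Kill();                   // child hung: stop it and report that
                errors = "timed out";
                return -1;
            }
            p.WaitForExit();                // let the async handlers receive the last lines
            errors = err.ToString().Trim();
            return p.ExitCode;
        }
    }

    static void Main()
    {
        // Constructed child: writes one line to stderr and exits with code 3.
        string errors;
        int code = Run("cmd.exe", "/c \"echo disk quota exceeded 1>&2 & exit /b 3\"", out errors);
        Console.WriteLine("exit code {0}, stderr: {1}", code, errors);
    }
}
```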

How can I call GetActiveObject on a process in another context?

Note: While my sample code is in Powershell, I could easily convert a C# sample into Powershell. I believe that C# developers are more likely to have encountered this issue, even though I am using Powershell to try and do this.
I am trying to debug an issue with server-side Word automation. I know that you're not meant to use it for server applications and we are in the process of changing the application so it doesn't do this but until this happens I need a reliable way to debug issues where it hangs as it does so randomly.
It is not OK for me to just switch .Visible = True on the Word object because it doesn't fail all the time. I just need a way to retrieve it every now and again when it does.
If I start Word and execute this script, it works:
$w = [System.Runtime.InteropServices.Marshal]::GetActiveObject("Word.Application")
$w.Visible = $false;
Start-Sleep -Seconds 5
$w.Visible = $true;
However, if the hanging copy of Word starts as invoked by the COM+ process, the following exception occurs:
Exception calling "GetActiveObject" with "1" argument(s): "Operation unavailable (Exception from HRESULT: 0x800401E3 (MK_E_UNAVAILABLE))"
The Powershell and COM+ process run under the same user, and in Task Manager they both show up as running under the same user.
I have tried running Powershell as all combinations of elevated/non-elevated and x86/x64 modes to no avail.
Therefore I assume the process is in another context or area that I am not able to access from my Powershell session.
So my question is one of:
How can I launch the Powershell process as part of the COM+ process?
How can I switch my context so I can access this object instance?
Is there any other way I can try and retrieve this hidden window and set it to visible?
Unfortunately, most questions that seemed to revolve around this theme end with someone saying "well, don't do that then". Sadly we don't have an option to redevelop this significant part of the system at the moment and I would like to get this documented for those of us who have to deal with these legacy systems from time to time.

C# How to to tell what process is using a file?

I am getting a pretty common, "The process cannot access the file because it is being used by another process."
Now I am nearly certain that the only process accessing this file is from code that I have written and I've been careful to use a using statement around accessing it.
But to be 100% sure, is there any way to check this programmatically when this error occurs?
There is also a small tool handle.exe in Sysinternals Suite that does exactly what you need. Use it from the command line:
handle.exe -a <filename>
Of course under Vista and Windows 7 this tool must be run elevated.
e.g. oh.exe from the Resource Kit and Process Explorer from Sysinternals both show who is using what.
Both of them use techniques not available in C#.
Windows Vista adds a new function, GetRunningObjectTable which you can use to detect which program has a file open. This only works in Vista+, and it only works when the application that has the file open actually implements support for IFileIsInUse (e.g. Office supports it, but most 3rd-party apps probably don't).
Other than that, the usual way this is implemented is by opening each process, enumerating the file handles they have open and searching for the filename in question. This is pretty low-level, and would require quite a bit of P/Invoke to implement in C#, but it's not impossible.
It's usually easy enough just to open up Process Explorer and let it do the search.

Windows 7 taskbar - jumplist, jumplistlink and jumplistitem

I am using the Windows API Code Pack for Microsoft .NET Framework to try out some of the new UI features of the Win7 taskbar. I am coding in C#.
I have a question regarding jumplists. All of the sample code provided assumes that the entries on the jump list are used to call out to run a particular application or open a document, e.g. a text document in a MRU list or run mspaint.exe.
I would like to implement some items which allow me to set state in my own application (i.e. the app which is interacting with the taskbar). MSN Messenger does this, for example, when you can set your status (Busy, Offline etc.).
Try as I might, I cannot create a JumpListItem or JumpListLink to behave in this way - it treats them as applications or documents.
Does anyone have any samples of how to create an item which raises an event in the same application that created it? I am sure it is simple but I am being very daft.
Many thanks for your help.
I believe what you'd want to do is to call your application with a special set of flags (i.e. launch the executable with certain arguments). At application start up, you'd check to see what flags are set, then send a message to the main instance of the application and then exit out of the new instance.
Using the TaskBarDemo, to open an item created by your application would have to be referenced, ie if your program created a PDF file you would do this:
jumpList.AddUserTasks(new JumpListLink(Path.Combine(systemFolder, "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRD32.exe"), "Open Adobe Reader")
{
IconReference = new IconReference(Path.Combine(systemFolder, "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRD32.exe"), 0)
});
Otherwise you would have to ensure that your application registered file associations, for recent or frequent items.
I had a few problems with jumplists with the API Pack; I now use VS 2010 Beta 2 and let the shell handle the jumplists.
Hope this is helpful.
These tasks are some sort of IShellLink. Then, you should call ICustomDestinationList's AddUserTasks. Look up samples in Windows 7 Training Kit.
